From: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
To: <linux-kernel@vger.kernel.org>
Cc: <bp@alien8.de>, <tglx@linutronix.de>, <mingo@redhat.com>,
<dave.hansen@linux.intel.com>, <Thomas.Lendacky@amd.com>,
<nikunj@amd.com>, <Santosh.Shukla@amd.com>,
<Vasant.Hegde@amd.com>, <Suravee.Suthikulpanit@amd.com>,
<David.Kaplan@amd.com>, <x86@kernel.org>, <hpa@zytor.com>,
<peterz@infradead.org>, <seanjc@google.com>,
<pbonzini@redhat.com>, <kvm@vger.kernel.org>,
<kirill.shutemov@linux.intel.com>, <huibo.wang@amd.com>,
<naveen.rao@amd.com>, <francescolavra.fl@gmail.com>,
<tiala@microsoft.com>
Subject: [PATCH v10 02/18] x86/apic: Initialize Secure AVIC APIC backing page
Date: Thu, 28 Aug 2025 12:33:18 +0530 [thread overview]
Message-ID: <20250828070334.208401-3-Neeraj.Upadhyay@amd.com> (raw)
In-Reply-To: <20250828070334.208401-1-Neeraj.Upadhyay@amd.com>
With Secure AVIC, the APIC backing page is owned and managed by the guest.
Allocate and initialize APIC backing page for all guest CPUs.
The NPT entry for a vCPU's APIC backing page must always be present when
the vCPU is running in order for Secure AVIC to function. A VMEXIT_BUSY
is returned on VMRUN and the vCPU cannot be resumed if the NPT entry for
the APIC backing page is not present. To handle this, notify GPA of the
vCPU's APIC backing page to the hypervisor by using the
SVM_VMGEXIT_SECURE_AVIC GHCB protocol event. Before executing VMRUN, the
hypervisor makes use of this information to make sure the APIC backing
page is mapped in the NPT.
Co-developed-by: Kishon Vijay Abraham I <kvijayab@amd.com>
Signed-off-by: Kishon Vijay Abraham I <kvijayab@amd.com>
Reviewed-by: Tianyu Lan <tiala@microsoft.com>
Signed-off-by: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
---
Changes since v9:
- Commit log update.
- Change secure_avic_page var name to savic_page.
arch/x86/coco/sev/core.c | 22 ++++++++++++++++++
arch/x86/include/asm/apic.h | 1 +
arch/x86/include/asm/sev.h | 2 ++
arch/x86/include/uapi/asm/svm.h | 4 ++++
arch/x86/kernel/apic/apic.c | 3 +++
arch/x86/kernel/apic/x2apic_savic.c | 35 +++++++++++++++++++++++++++++
6 files changed, 67 insertions(+)
diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c
index f7a549f650e9..7669aafcad95 100644
--- a/arch/x86/coco/sev/core.c
+++ b/arch/x86/coco/sev/core.c
@@ -1108,6 +1108,28 @@ int __init sev_es_efi_map_ghcbs_cas(pgd_t *pgd)
return 0;
}
+enum es_result savic_register_gpa(u64 gpa)
+{
+ struct ghcb_state state;
+ struct es_em_ctxt ctxt;
+ enum es_result res;
+ struct ghcb *ghcb;
+
+ guard(irqsave)();
+
+ ghcb = __sev_get_ghcb(&state);
+ vc_ghcb_invalidate(ghcb);
+
+ ghcb_set_rax(ghcb, SVM_VMGEXIT_SAVIC_SELF_GPA);
+ ghcb_set_rbx(ghcb, gpa);
+ res = sev_es_ghcb_hv_call(ghcb, &ctxt, SVM_VMGEXIT_SAVIC,
+ SVM_VMGEXIT_SAVIC_REGISTER_GPA, 0);
+
+ __sev_put_ghcb(&state);
+
+ return res;
+}
+
static void snp_register_per_cpu_ghcb(void)
{
struct sev_es_runtime_data *data;
diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h
index 07ba4935e873..44b4080721a6 100644
--- a/arch/x86/include/asm/apic.h
+++ b/arch/x86/include/asm/apic.h
@@ -305,6 +305,7 @@ struct apic {
/* Probe, setup and smpboot functions */
int (*probe)(void);
+ void (*setup)(void);
int (*acpi_madt_oem_check)(char *oem_id, char *oem_table_id);
void (*init_apic_ldr)(void);
diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h
index 02236962fdb1..9036122a6d45 100644
--- a/arch/x86/include/asm/sev.h
+++ b/arch/x86/include/asm/sev.h
@@ -533,6 +533,7 @@ int snp_svsm_vtpm_send_command(u8 *buffer);
void __init snp_secure_tsc_prepare(void);
void __init snp_secure_tsc_init(void);
+enum es_result savic_register_gpa(u64 gpa);
static __always_inline void vc_ghcb_invalidate(struct ghcb *ghcb)
{
@@ -605,6 +606,7 @@ static inline int snp_send_guest_request(struct snp_msg_desc *mdesc,
static inline int snp_svsm_vtpm_send_command(u8 *buffer) { return -ENODEV; }
static inline void __init snp_secure_tsc_prepare(void) { }
static inline void __init snp_secure_tsc_init(void) { }
+static inline enum es_result savic_register_gpa(u64 gpa) { return ES_UNSUPPORTED; }
#endif /* CONFIG_AMD_MEM_ENCRYPT */
diff --git a/arch/x86/include/uapi/asm/svm.h b/arch/x86/include/uapi/asm/svm.h
index 9c640a521a67..650e3256ea7d 100644
--- a/arch/x86/include/uapi/asm/svm.h
+++ b/arch/x86/include/uapi/asm/svm.h
@@ -118,6 +118,10 @@
#define SVM_VMGEXIT_AP_CREATE 1
#define SVM_VMGEXIT_AP_DESTROY 2
#define SVM_VMGEXIT_SNP_RUN_VMPL 0x80000018
+#define SVM_VMGEXIT_SAVIC 0x8000001a
+#define SVM_VMGEXIT_SAVIC_REGISTER_GPA 0
+#define SVM_VMGEXIT_SAVIC_UNREGISTER_GPA 1
+#define SVM_VMGEXIT_SAVIC_SELF_GPA ~0ULL
#define SVM_VMGEXIT_HV_FEATURES 0x8000fffd
#define SVM_VMGEXIT_TERM_REQUEST 0x8000fffe
#define SVM_VMGEXIT_TERM_REASON(reason_set, reason_code) \
diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
index d73ba5a7b623..36f1326fea2e 100644
--- a/arch/x86/kernel/apic/apic.c
+++ b/arch/x86/kernel/apic/apic.c
@@ -1503,6 +1503,9 @@ static void setup_local_APIC(void)
return;
}
+ if (apic->setup)
+ apic->setup();
+
/*
* If this comes from kexec/kcrash the APIC might be enabled in
* SPIV. Soft disable it before doing further initialization.
diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2apic_savic.c
index bea844f28192..948d89497baa 100644
--- a/arch/x86/kernel/apic/x2apic_savic.c
+++ b/arch/x86/kernel/apic/x2apic_savic.c
@@ -8,17 +8,47 @@
*/
#include <linux/cc_platform.h>
+#include <linux/percpu-defs.h>
#include <asm/apic.h>
#include <asm/sev.h>
#include "local.h"
+struct secure_avic_page {
+ u8 regs[PAGE_SIZE];
+} __aligned(PAGE_SIZE);
+
+static struct secure_avic_page __percpu *savic_page __ro_after_init;
+
static int savic_acpi_madt_oem_check(char *oem_id, char *oem_table_id)
{
return x2apic_enabled() && cc_platform_has(CC_ATTR_SNP_SECURE_AVIC);
}
+static void savic_setup(void)
+{
+ void *ap = this_cpu_ptr(savic_page);
+ enum es_result res;
+ unsigned long gpa;
+
+ gpa = __pa(ap);
+
+ /*
+ * The NPT entry for a vCPU's APIC backing page must always be
+ * present when the vCPU is running in order for Secure AVIC to
+ * function. A VMEXIT_BUSY is returned on VMRUN and the vCPU cannot
+ * be resumed if the NPT entry for the APIC backing page is not
+ * present. Notify GPA of the vCPU's APIC backing page to the
+ * hypervisor by calling savic_register_gpa(). Before executing
+ * VMRUN, the hypervisor makes use of this information to make sure
+ * the APIC backing page is mapped in NPT.
+ */
+ res = savic_register_gpa(gpa);
+ if (res != ES_OK)
+ snp_abort();
+}
+
static int savic_probe(void)
{
if (!cc_platform_has(CC_ATTR_SNP_SECURE_AVIC))
@@ -30,6 +60,10 @@ static int savic_probe(void)
/* unreachable */
}
+ savic_page = alloc_percpu(struct secure_avic_page);
+ if (!savic_page)
+ snp_abort();
+
return 1;
}
@@ -38,6 +72,7 @@ static struct apic apic_x2apic_savic __ro_after_init = {
.name = "secure avic x2apic",
.probe = savic_probe,
.acpi_madt_oem_check = savic_acpi_madt_oem_check,
+ .setup = savic_setup,
.dest_mode_logical = false,
--
2.34.1
next prev parent reply other threads:[~2025-08-28 9:21 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-28 7:03 [PATCH v10 00/18] AMD: Add Secure AVIC Guest Support Neeraj Upadhyay
2025-08-28 7:03 ` [PATCH v10 01/18] x86/apic: Add new driver for Secure AVIC Neeraj Upadhyay
2025-09-02 10:36 ` [tip: x86/apic] " tip-bot2 for Neeraj Upadhyay
2025-08-28 7:03 ` Neeraj Upadhyay [this message]
2025-09-02 10:36 ` [tip: x86/apic] x86/apic: Initialize Secure AVIC APIC backing page tip-bot2 for Neeraj Upadhyay
2025-08-28 11:02 ` [PATCH v10 03/18] x86/apic: Populate .read()/.write() callbacks of Secure AVIC driver Neeraj Upadhyay
2025-08-28 11:02 ` [PATCH v10 04/18] x86/apic: Initialize APIC ID for Secure AVIC Neeraj Upadhyay
2025-09-02 10:36 ` [tip: x86/apic] " tip-bot2 for Neeraj Upadhyay
2025-08-28 11:02 ` [PATCH v10 05/18] x86/apic: Add update_vector() callback for APIC drivers Neeraj Upadhyay
2025-09-02 10:36 ` [tip: x86/apic] " tip-bot2 for Neeraj Upadhyay
2025-08-28 11:02 ` [PATCH v10 06/18] x86/apic: Add update_vector() callback for Secure AVIC Neeraj Upadhyay
2025-09-02 10:36 ` [tip: x86/apic] x86/apic: Add an " tip-bot2 for Neeraj Upadhyay
2025-09-02 10:36 ` [tip: x86/apic] x86/apic: Populate .read()/.write() callbacks of Secure AVIC driver tip-bot2 for Neeraj Upadhyay
2025-08-28 11:08 ` [PATCH v10 07/18] x86/apic: Add support to send IPI for Secure AVIC Neeraj Upadhyay
2025-09-02 10:36 ` [tip: x86/apic] " tip-bot2 for Neeraj Upadhyay
2025-08-28 11:09 ` [PATCH v10 08/18] x86/apic: Support LAPIC timer " Neeraj Upadhyay
2025-09-02 10:36 ` [tip: x86/apic] " tip-bot2 for Neeraj Upadhyay
2025-08-28 11:11 ` [PATCH v10 09/18] x86/sev: Initialize VGIF for secondary vCPUs " Neeraj Upadhyay
2025-09-02 10:36 ` [tip: x86/apic] " tip-bot2 for Kishon Vijay Abraham I
2025-08-28 11:12 ` [PATCH v10 10/18] x86/apic: Add support to send NMI IPI " Neeraj Upadhyay
2025-09-02 10:36 ` [tip: x86/apic] " tip-bot2 for Neeraj Upadhyay
2025-08-28 11:12 ` [PATCH v10 11/18] x86/apic: Allow NMI to be injected from hypervisor " Neeraj Upadhyay
2025-09-02 10:36 ` [tip: x86/apic] " tip-bot2 for Neeraj Upadhyay
2025-08-28 11:13 ` [PATCH v10 12/18] x86/sev: Enable NMI support " Neeraj Upadhyay
2025-09-02 10:36 ` [tip: x86/apic] " tip-bot2 for Kishon Vijay Abraham I
2025-08-28 11:13 ` [PATCH v10 13/18] x86/apic: Read and write LVT* APIC registers from HV for SAVIC guests Neeraj Upadhyay
2025-09-02 10:36 ` [tip: x86/apic] " tip-bot2 for Neeraj Upadhyay
2025-08-28 11:16 ` [PATCH v10 14/18] x86/apic: Handle EOI writes for Secure AVIC guests Neeraj Upadhyay
2025-09-02 10:36 ` [tip: x86/apic] " tip-bot2 for Neeraj Upadhyay
2025-08-28 11:20 ` [PATCH v10 15/18] x86/apic: Add kexec support for Secure AVIC Neeraj Upadhyay
2025-09-02 10:36 ` [tip: x86/apic] " tip-bot2 for Neeraj Upadhyay
2025-08-28 11:21 ` [PATCH v10 16/18] x86/apic: Enable Secure AVIC in Control MSR Neeraj Upadhyay
2025-09-02 10:36 ` [tip: x86/apic] x86/apic: Enable Secure AVIC in the control MSR tip-bot2 for Neeraj Upadhyay
2025-08-28 11:31 ` [PATCH v10 17/18] x86/sev: Prevent SECURE_AVIC_CONTROL MSR interception for Secure AVIC guests Neeraj Upadhyay
2025-09-02 10:36 ` [tip: x86/apic] " tip-bot2 for Neeraj Upadhyay
2025-08-28 11:32 ` [PATCH v10 18/18] x86/sev: Indicate SEV-SNP guest supports Secure AVIC Neeraj Upadhyay
2025-09-02 10:36 ` [tip: x86/apic] x86/sev: Indicate the " tip-bot2 for Neeraj Upadhyay
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250828070334.208401-3-Neeraj.Upadhyay@amd.com \
--to=neeraj.upadhyay@amd.com \
--cc=David.Kaplan@amd.com \
--cc=Santosh.Shukla@amd.com \
--cc=Suravee.Suthikulpanit@amd.com \
--cc=Thomas.Lendacky@amd.com \
--cc=Vasant.Hegde@amd.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=francescolavra.fl@gmail.com \
--cc=hpa@zytor.com \
--cc=huibo.wang@amd.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=naveen.rao@amd.com \
--cc=nikunj@amd.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=tiala@microsoft.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).